> Ok, thanks for the clarification. I guess that my goal to have an Active
> Directory proxied properly is not going to happen. I would need a complete
> AD schema for OpenLDAP, and that's probably now available anywhere.

Well, this may not be entirely true, although I'm not 100% sure this works
as intended in your case. In fact, slapd is relatively picky about
knowing a definition of entities it needs to use. In your case, the
objectClass you're using in the filter, and any attribute you may use in a
filter. However, as soon as data whose definition is not known are
returned by a proxy, slapd can live with them under the assumption they
won't be used for anything special. So if you search an entry

    dn: cn=Some Name,dc=some,dc=org
    objectClass: fancyObject
    cn: Some Name
    fancyAttr: fancy stuff

using the objectClass or fancyAttr in the filter, they need to be known by
slapd; however, if you just search for anything below dc=some,dc=org, and
that entry is returned by the proxy, slapd will record fancyObject and
fancyAttr for future reference, although in a non-persistent manner (the
next time you start slapd you'll need it to learn again about their
existence).
p.